Current Operational Security Practices in
Internet Service Provider Environments

Mitre Nomenclature Projects

The U.S. government has contracted Mitre to define
information nomenclature.
Researchers, the IT industry, the anti-virus industry,
and more need to have a common language to describe
threats, defenses, and more.
I was teaching a UNIX security course in the Washington DC
area when these nomenclature projects came up.
A student who worked for a U.S. Government agency said,
"Oh, that sounds likesuch a Mitre project!",
meaning that it was complicated, performed for the U.S.
Government in return for vast sums of money,
and was just the organization of actual work done by others.
But these projects are useful to give the
information security community a more useful common language.

CCE —
Common Configuration Enumeration
Now that you know which OS you're dealing with (according
to CPE), what are the specific configuration details
that you will be told to adjust?
Unique identifiers for common system configuration issues,
and suggested configuration guidelines.
http://cce.mitre.org/